Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/In8AAI021j7e9C3OzCifempGXGU.roa
File:                     In8AAI021j7e9C3OzCifempGXGU.roa (raw, json)
Hash identifier:          n95Mzfes1U6Uouwe7mzr3nrr5q2nA4UKQWYDEOqCgKc=
Subject key identifier:   22:7F:00:00:8D:36:D6:3E:DE:F4:2D:CE:CC:28:9F:7A:6A:46:5C:65
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC42563A888991AAB3B8257995B0C1FCD
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/In8AAI021j7e9C3OzCifempGXGU.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205091
IP address blocks:        163.5.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:63:a8:88:99:1a:ab:3b:82:57:99:5b:0c:1f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=227f00008d36d63edef42dcecc289f7a6a465c65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:49:ac:5e:fd:4a:d3:e1:2c:8d:e3:17:f9:78:
                    b6:25:fd:93:45:a0:ed:b6:05:5b:63:1a:34:8c:42:
                    54:4c:bb:1b:1a:0c:38:af:ec:fa:80:31:19:75:f4:
                    e5:48:18:64:10:a8:87:f6:c9:18:ce:05:00:eb:e1:
                    a2:89:eb:59:df:c7:7f:3c:95:dc:9b:1d:a5:07:6d:
                    09:33:55:47:aa:28:37:62:ed:ac:d8:0d:16:91:c4:
                    4c:ad:58:1c:25:24:a2:00:fa:3e:66:d8:94:03:75:
                    90:71:3d:a3:a3:07:12:88:dc:99:1a:a8:87:dd:2a:
                    9a:51:ac:01:bb:37:83:a3:88:a1:dd:3b:66:f7:af:
                    fb:99:3a:39:97:b3:ba:45:ef:77:8f:8d:3c:72:48:
                    ce:95:a4:fd:57:cc:57:25:94:10:e5:74:a3:95:8b:
                    f8:50:3e:bf:71:e2:84:8c:0d:32:1c:e2:3d:26:94:
                    b3:67:b7:a4:0f:74:51:ad:b1:f8:66:dd:78:f2:59:
                    3d:04:58:72:21:d7:2c:35:b8:09:bf:6d:37:91:b5:
                    c5:e9:ce:d4:e9:d8:08:83:6a:79:76:6c:02:5e:e8:
                    cb:ee:ce:2c:d4:50:df:4d:fa:33:77:23:1d:2f:23:
                    ed:33:ed:8a:d8:41:e3:d4:f8:08:4b:e5:5d:85:0e:
                    9f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:7F:00:00:8D:36:D6:3E:DE:F4:2D:CE:CC:28:9F:7A:6A:46:5C:65
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/In8AAI021j7e9C3OzCifempGXGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:80:67:2d:0e:77:cb:af:be:64:db:86:32:68:7b:6b:0a:d0:
         f2:22:97:b4:d5:40:07:0d:8d:41:85:e6:5e:1a:97:bd:4f:89:
         f2:5e:77:30:08:cd:f6:31:8a:59:11:72:cd:4a:08:6a:2d:c8:
         7d:81:ec:4c:94:cd:d6:20:a8:04:08:43:2e:36:6b:b4:51:20:
         96:07:23:18:cc:ab:99:e9:7a:3c:54:4e:54:2c:a1:1b:54:11:
         f3:86:59:dc:20:9b:72:3f:6b:14:22:c5:2b:7c:33:39:fc:ce:
         0e:d0:f3:72:77:d4:39:9e:0a:a6:ae:05:2a:97:93:54:6d:95:
         e9:e7:08:ab:db:b8:99:ec:c7:0c:d7:3e:a1:03:10:88:b9:82:
         f0:58:e5:7b:0d:c9:00:50:8f:6b:d5:f0:93:4b:c7:56:01:54:
         fd:6e:e6:e9:33:eb:85:c6:da:80:3a:5f:19:f2:08:1b:62:89:
         63:64:62:2f:59:42:13:b6:07:16:93:68:fb:c2:9e:6c:7c:06:
         50:88:0b:b7:ad:e3:e4:bf:f2:46:85:d4:5e:4c:ab:31:78:f4:
         1f:79:75:df:d6:34:29:67:23:60:da:83:a7:2a:c6:76:46:ef:
         ba:cc:02:b8:79:fc:dc:fb:1a:02:8d:95:20:b8:bc:c7:91:dd:
         ee:a1:84:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWOoiJkaqzuCV5lbDB/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjdmMDAwMDhkMzZkNjNlZGVmNDJkY2VjYzI4OWY3YTZhNDY1YzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkmsXv1K0+EsjeMX+Xi2Jf2TRaDt
tgVbYxo0jEJUTLsbGgw4r+z6gDEZdfTlSBhkEKiH9skYzgUA6+GiietZ38d/PJXc
mx2lB20JM1VHqig3Yu2s2A0WkcRMrVgcJSSiAPo+ZtiUA3WQcT2jowcSiNyZGqiH
3SqaUawBuzeDo4ih3Ttm96/7mTo5l7O6Re93j408ckjOlaT9V8xXJZQQ5XSjlYv4
UD6/ceKEjA0yHOI9JpSzZ7ekD3RRrbH4Zt148lk9BFhyIdcsNbgJv203kbXF6c7U
6dgIg2p5dmwCXujL7s4s1FDfTfozdyMdLyPtM+2K2EHj1PgIS+VdhQ6fyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJ/AACNNtY+3vQtzswon3pqRlxlMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSW44QUFJMDIxajdlOUMzT3pDaWZlbXBHWEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWsMA0G
CSqGSIb3DQEBCwUAA4IBAQCVgGctDnfLr75k24YyaHtrCtDyIpe01UAHDY1BheZe
Gpe9T4nyXncwCM32MYpZEXLNSghqLch9gexMlM3WIKgECEMuNmu0USCWByMYzKuZ
6Xo8VE5ULKEbVBHzhlncIJtyP2sUIsUrfDM5/M4O0PNyd9Q5ngqmrgUql5NUbZXp
5wir27iZ7McM1z6hAxCIuYLwWOV7DckAUI9r1fCTS8dWAVT9bubpM+uFxtqAOl8Z
8ggbYoljZGIvWUITtgcWk2j7wp5sfAZQiAu3rePkv/JGhdReTKsxePQfeXXf1jQp
ZyNg2oOnKsZ2Ru+6zAK4efzc+xoCjZUguLzHkd3uoYSS
-----END CERTIFICATE-----